Bouncy Castle Security Vulnerability (CVE-2018-1000180)

Published: 2019-06-10
Updated: 2019-06-11

Affected systems:
Oracle PeopleSoft Enterprise PeopleTools 8.57
Oracle PeopleSoft Enterprise PeopleTools 8.56
Oracle PeopleSoft Enterprise PeopleTools 8.55
Oracle WebLogic Server 12.2.1.3.0
Oracle WebLogic Server 12.2.1.3
Oracle WebLogic Server 11.1.1.9.0
Oracle Business Transaction Management (BTM) 12.1.0
Oracle API Gateway 11.1.2.4.0
Oracle Communications WebRTC Session Controller 7.1
Oracle Communications WebRTC Session Controller 7.0
RedHat Satellite 6
Oracle SOA Suite 12.2.1.3.0
Oracle SOA Suite 12.1.3.0.0
RedHat Virtualization 4
Oracle Enterprise Repository 12.1.3.0.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.1.3.0.0
Oracle Business Process Management Suite 11.1.1.9.0
RedHat Software Collections for RHEL
RedHat JBoss Fuse 6.0
Oracle Retail Xstore Point of Service 7.1
Oracle Retail Xstore Point of Service 7.0
Oracle Retail Convenience and Fuel POS Software 2.8.1
Oracle Managed File Transfer 12.2.1.3.0
Oracle Managed File Transfer 12.1.3.0.0
Oracle Communications Converged Application Server
Oracle Communications Application Session Controller 3.8
Oracle Communications Application Session Controller 3.7.1
Bouncy Castle Fips Java Api 1.0.1
Bouncy Castle Fips Java Api 1.0
Bouncycastle Bouncy Castle 1.59
Bouncycastle Bouncy Castle 1.54
Unaffected systems:
Oracle Communications WebRTC Session Controller 7.2
Oracle Communications WebRTC Session Controller 7.0.0.1
Bouncy Castle Fips Java Api 1.0.2
Bouncycastle Bouncy Castle 1.60 Beta4
Description:
BUGTRAQ ID: 106567
CVE(CAN) ID: CVE-2018-1000180

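Bouncy Castle is a collection of APIs used in cryptography. It includes APIs for the Java and C# programming languages.
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the low-level interface to the RSA key pair generator: specifically, RSA key pairs generated through the low-level API with added certainty may undergo fewer Miller-Rabin (M-R) tests than expected. This appears to be fixed in BC 1.60 beta 4 and later and in BC-FJA 1.0.2 and later.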

<*Source: Bernd Eckenfels
  
  Link: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
*>
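To check an inventory of jar files against the version ranges given in the description, a small classifier can be used. This is an added example, not part of the original advisory or of Bouncy Castle; the jar file naming patterns and the sample inventory are assumptions constructed for illustration.

```python
import re

# Version ranges as stated in the advisory text above.
BC_FIRST_AFFECTED, BC_LAST_AFFECTED = (1, 54), (1, 59)   # BC 1.54 - 1.59
FJA_LAST_AFFECTED = (1, 0, 1)                            # BC-FJA 1.0.1 and earlier

# Assumed jar naming (not from the advisory): bcprov-jdk15on-1.59.jar (Maven),
# bcprov-jdk15on-159.jar (distribution download), bc-fips-1.0.1.jar (FIPS API).
BCPROV_RE = re.compile(r"^bcprov(?:-ext)?-jdk[0-9a-z]+-(\d)\.?(\d{2})\.jar$")
FIPS_RE = re.compile(r"^bc-fips-(\d+)\.(\d+)\.(\d+)\.jar$")


def classify(jar_path):
    """Classify one jar path as 'affected', 'outside range' or 'unknown'."""
    name = re.split(r"[\\/]", jar_path)[-1].lower()
    m = BCPROV_RE.match(name)
    if m:
        version = (int(m.group(1)), int(m.group(2)))
        hit = BC_FIRST_AFFECTED <= version <= BC_LAST_AFFECTED
        return "affected" if hit else "outside range"
    m = FIPS_RE.match(name)
    if m:
        version = tuple(int(part) for part in m.groups())
        return "affected" if version <= FJA_LAST_AFFECTED else "outside range"
    # Betas (e.g. 1.60 builds before beta 4), renamed or shaded jars cannot be
    # judged from the file name alone; report them for manual review.
    return "unknown"


def scan(jar_paths):
    """Return {path: verdict} for every Bouncy Castle-looking jar in the list."""
    return {p: classify(p) for p in jar_paths
            if re.search(r"(?i)(?:^|[\\/])bc(?:prov|-fips)[^\\/]*\.jar$", p)}


# Constructed sample inventory, e.g. the output of a jar listing on a server.
SAMPLE = [
    "lib/bcprov-jdk15on-1.59.jar",
    "WEB-INF\\lib\\bcprov-jdk15on-154.jar",
    "lib/bcprov-jdk15on-1.60.jar",
    "lib/bc-fips-1.0.1.jar",
    "lib/bc-fips-1.0.2.jar",
    "lib/bcprov-jdk15on-160b04.jar",
    "lib/commons-io-2.6.jar",
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE).items():
        print(f"{verdict:14} {path}")
```

A hit only means the library version is in the stated range; the flaw as described concerns RSA key pairs generated through the low-level key pair generator API.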

Recommendation:
Vendor patch:

Oracle
------
Oracle has released a security advisory (CVE-2018-1000180) and corresponding patches for this issue:
CVE-2018-1000180: Oracle Critical Patch Update Advisory - April 2019
Link: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Patch download:

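This vulnerability advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.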